Canada Goose is investigating a major data leak after a hacking group claimed it published information linked to more than 600,000 customers. The luxury outerwear company became aware of the situation after the data appeared on a known leak site. The incident has raised serious concerns because of the size of the dataset involved. The company has confirmed that it is actively reviewing the matter.

Canada Goose retail store exterior as the company investigates alleged leak of 600,000 customer records.

The group behind the claim is known as ShinyHunters, a well-known cybercriminal organization. This group has previously been linked to large data leaks affecting major companies. According to their post, the released archive contains hundreds of thousands of customer records. The group shared the data publicly after allegedly obtaining it earlier.

Reports indicate that the leaked dataset is around 1.67 GB in size and was shared in JSON format. Security researchers who reviewed samples confirmed that the data appears genuine. The records include customer names, email addresses, and phone numbers. It also contains billing addresses, shipping details, and order histories.

Glowing database servers symbolizing leaked customer records in the Canada Goose 600,000 user data breach incident.

In addition to personal details, the dataset includes partial payment card information. This consists of card brands, the last four digits of card numbers, and in some cases the first six digits linked to issuing banks. Full card numbers and security codes were not found in the reviewed samples. However, even partial financial details can still pose risks.

Canada Goose stated that the data appears to be linked to historic customer transactions. The company said there is currently no evidence suggesting its internal systems were breached. According to its review so far, there are no signs that unmasked financial data was exposed. The investigation is still ongoing as the company works to verify all details.

Illustration of digital payment card on smartphone representing partial credit card data exposure in Canada Goose customer data leak.

The hackers have claimed that the dataset did not come from a direct breach of Canada Goose’s systems. Instead, they suggested the information may have originated from a third-party payment processor. They also stated that the data dates back to August 2025. At this stage, these claims have not been independently confirmed.

Cybersecurity experts warn that exposed personal data can still be misused. Information such as names, addresses, and partial card details can help criminals carry out phishing or social engineering attacks. Attackers may use such data to appear more convincing when targeting victims. This increases the risk of fraud even without full payment information.

Cybersecurity graphic showing social engineering attack risks following exposure of Canada Goose customer information.

Canada Goose has said it will continue investigating and take appropriate action if needed. It is not yet clear how many customers may ultimately be affected. The company has not announced whether direct notifications will be sent. This incident once again highlights the growing challenges companies face in protecting customer data.

Stay alert, and keep your security measures updated!

Source: Follow cybersecurity88 on X and LinkedIn for the latest cybersecurity news